Cyber Supply Chain Risk Management (C-SCRM) Supplier Assessor

Contracting Resources Group

Washington, DC
Full Time
Paid
  • Responsibilities

    Contracting Resources Group (CRG) is seeking a full-time C-SCRM Supplier Assessor to support the Department of State's (Department) Cybersecurity Supply Chain Risk Management (C-SCRM) Program. The mission of the Department's C-SCRM Program is to identify, assess, manage, and mitigate the risks associated with the distributed and interconnected nature of information and communication technologies (ICT) and operational technology (OT) supply chains.

    As an experienced IT consulting/services professional, you will be responsible for advising and assisting the Department of State's C-SCRM Program Team in the following support areas:

    • Working as a part of the C-SCRM Operations Team to assess ICT/OT companies, products, and services,
    • Performing the Department's C-SCRM risk assessments and analysis and documenting findings,
    • Providing technical consultation to assist in the development of the Department's C-SCRM implementation,
    • Supporting the development of the C-SCRM Program Team directives and guidance analysis, and
    • Performing other tasks as requested.

    This work will involve interacting with stakeholders across the Department, including various Bureaus and offices. ICT Supplier reviews and recommendations are made to improve the Department's enterprise-level C-SCRM status. The C-SCRM Supplier Assessor will support the development of essential C-SCRM program services to increase transparency, consistency, and information flow across the Department.

    Responsibilities include, but are not limited to:

    • Demonstrated experience and understanding of cybersecurity supply chain risk management and methods used to compromise cyber supply chains,
    • Serve as the subject matter expert (SME), possessing in-depth knowledge of C-SCRM best practices and policies,
    • Monitor progress and manage risk while ensuring stakeholders are kept informed about progress and expected outcomes,
    • Demonstrated knowledge and experience with NIST SP 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations and the NIST Cybersecurity Framework,
    • Leverage cybersecurity frameworks (e.g., NIST CSF, NIST 800-53, NIST 800-37, NIST 800-161, v1) to conduct assessments,
    • Thorough understanding and experience working with the Risk Management Framework (RMF) or equivalent and experience with the Assessment & Authorization (A&A) processes.

    Qualifications include, but are not limited to:

    • Strong communication, interpersonal, and organization skills,

    • Highly self-motivated, independent thinker, and team player,

    • Ability to work in a fast-paced environment, balancing competing demands and deadlines,

    • Comfortable facilitating group discussions and working to bring stakeholder discussions toward consensus,

    • Experience interacting with high-level government and civilian leaders,

    • Ability to work both independently and collaboratively in a fast-paced, high-visibility environment,

    • Ability to multi-task, with strong attention to detail, while keeping an eye on strategic goals,

    • US Citizenship is required,

    • Must meet eligibility requirements for access to classified information and be clearable to a Department TS/SCI clearance, and

    • University Degree (BA/BS) or equivalent experience and minimum 2 years of related work experience, preferably with the DoD or at a Federal Agency.

    These Qualifications Would Be Nice to Have:

    • Demonstrated experience in developing a C-SCRM strategy and implementation plan for a Federal Agency,

    • Security+ or equivalent certification.
